Open routenull0 opened 7 years ago
Please test, PDO class and code updated to match main phpipam repository.
Trying this on Ubuntu 16.04, PHP 7.0.18, connection fails with Could not connect to database! SQLSTATE[HY000] [2002]
. Works fine without SSL. I've verified that all the certs are valid and readable by the user running the script. I've also confirmed that I'm able to connect using the mysql client with the same credentials, certificates, and ciphers, and that I'm able to connect to the mysql database from the full phpipam instance.
A packet capture at the SQL server shows a "bad handshake" message in the stream:
00000000 52 00 00 00 0a 35 2e 35 2e 35 32 2d 4d 61 72 69 R....5.5 .52-Mari
00000010 61 44 42 00 56 00 00 00 5d 75 59 3b 5c 3b 54 72 aDB.V... ]uY;\;Tr
00000020 00 ff ff 08 02 00 0f e0 15 00 00 00 00 00 00 00 ........ ........
00000030 00 00 00 61 6f 2b 27 7e 68 6e 6e 5d 66 6b 67 00 ...ao+'~ hnn]fkg.
00000040 6d 79 73 71 6c 5f 6e 61 74 69 76 65 5f 70 61 73 mysql_na tive_pas
00000050 73 77 6f 72 64 00 sword.
00000000 20 00 00 01 8d aa 0b 00 00 00 00 c0 21 00 00 00 ....... ....!...
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
00000020 00 00 00 00 ....
00000056 16 00 00 02 ff 13 04 23 30 38 53 30 31 42 61 64 .......# 08S01Bad
00000066 20 68 61 6e 64 73 68 61 6b 65 handsha ke
Apologies for not gathering more data, my php-fu is weak these days.
Relevant sections of config.php:
# mysql db settings, if mysql selected
# ******************************/
$config['db']['host'] = "ham-ms-03";
$config['db']['user'] = "ms01-agent";
$config['db']['pass'] = "super secret password";
$config['db']['name'] = "phpipam";
$config['db']['port'] = 3306;
/**
* SSL options for MySQL
*
See http://php.net/manual/en/ref.pdo-mysql.php
https://dev.mysql.com/doc/refman/5.7/en/ssl-options.html
Please update these settings before setting 'ssl' to true.
All settings can be commented out or set to NULL if not needed
php 5.3.7 required
******************************/
$config['db']['ssl'] = true; // true/false, enable or disable SSL as a whole
$config['db']['ssl_key'] = '/usr/local/lib/phpipam-agent/ssl/ham-ms-01-key.pem'; // path to an SSL key file. Only makes sense combined with ssl_cert
$config['db']['ssl_cert'] = '/usr/local/lib/phpipam-agent/ssl/ham-ms-01-cert.pem'; // path to an SSL certificate file. Only makes sense combined with
ssl_key
$config['db']['ssl_ca'] = '/usr/local/lib/phpipam-agent/ssl/ca-cert.pem'; // path to a file containing SSL CA certs
$config['db']['ssl_capath'] = '/usr/local/lib/phpipam-agent/ssl/'; // path to a directory containing CA certs
$config['db']['ssl_cipher'] = 'DHE-RSA-AES256-GCM-SHA384'; // one or more SSL Ciphers
Hi.
I have the same problem of cybershoe?
There is a way we can better debug the problem?
Thanks
Same issue :-(
It's a mandatory for me to secure this connection. Any update regarding this ?
Thanks
Does the phpipam-agent support MySQL connection via SSL?
I do not see the options within the config.php.